[英]How to apply Azure resource locks to Resource Groups via Policy
我正在嘗試創建一個 Azure 策略,該策略將向訂閱中的資源組部署具有“CanNotDelete”級別的資源鎖。
目前,該策略 100% 合規,但該策略尚未創建任何鎖定。
我的 JSON policy.rules 文件中有以下內容;
{ "if": { "field": "type", "equals": "Microsoft.Resources/resourceGroups" }, "then": { "effect": "deployIfNotExists", "details": { "type": "Microsoft.Authorization/locks", "existenceCondition": { "field": "Microsoft.Authorization/locks/level", "equals": "CanNotDelete" }, "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/0000-0000-0000-0000-0000000" ], "deployment": { "properties": { "mode": "incremental", "template": { "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", "contentVersion": "1.0.0.0", "parameters": { "location": { "type": "string" } }, "resources": [ { "type": "Microsoft.Authorization/locks", "apiVersion": "2017-04-01", "name": "ResourceLock", "properties": { "level": "CanNotDelete", "notes": "Prevent accidental deletion of resource groups" } } ] } } } } } }
設法通過兩個更改使其工作;
我希望能幫助遇到同樣問題的人
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.